I'm trying to digitally sign some content, including the whole certificate chain in the signature (so that recipient can verify the signature with no problems). I get the following error: "An internal certificate chaining error has occurred" when calling the ComputeSignature() method.
Both root CA and intermediate CA certificates are installed in my machine. I'm trying to sign the content with a Verisign email certificate.
Intermediate CA certificate is: VeriSign Class 1 Individual Subscriber CA - G3
Root CA certificate is: VeriSign Class 1 Public Primary Certification Authority - G3
Here's the code I'm using:
public static byte[] GetSignature(
string message,
X509Certificate2 signingCertificate)
{
byte[] messageBytes = Encoding.ASCII.GetBytes(message);
SignedCms signedCms开发者_StackOverflow = new SignedCms(new ContentInfo(messageBytes), true);
CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signingCertificate);
cmsSigner.IncludeOption = X509IncludeOption.WholeChain;
Pkcs9SigningTime signingTime = new Pkcs9SigningTime();
cmsSigner.SignedAttributes.Add(signingTime);
signedCms.ComputeSignature(cmsSigner, false);
return signedCms.Encode();
}
精彩评论